{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15267", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-29T16:43:44.779Z", "datePublished": "2026-02-07T05:52:37.981Z", "dateUpdated": "2026-04-08T16:46:33.738Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:33.738Z"}, "affected": [{"vendor": "boldthemes", "product": "Bold Page Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.5.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38a3b3bf-9538-4ae8-9da4-d4b48805763b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.5.7/content_elements/bt_bb_accordion_item/bt_bb_accordion_item.php?marks=28#L28"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "timeline": [{"time": "2025-12-21T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2026-02-06T17:29:16.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:19:11.067246Z", "id": "CVE-2025-15267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:25:38.882Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T15:19:11.067246Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:19:11.890Z"}}], "cna": {"title": "Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode", "credits": [{"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "boldthemes", "product": "Bold Page Builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.5.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-21T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2026-02-06T17:29:16.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38a3b3bf-9538-4ae8-9da4-d4b48805763b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.5.7/content_elements/bt_bb_accordion_item/bt_bb_accordion_item.php?marks=28#L28"}], "descriptions": [{"lang": "en", "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:33.738Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15267", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:46:33.738Z", "dateReserved": "2025-12-29T16:43:44.779Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-07T05:52:37.981Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin Bold Page Builder para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del shortcode bt_bb_accordion_item del plugin en todas las versiones hasta la 5.5.7, inclusive, debido a la sanitizaci\u00f3n insuficiente de las entradas y al escape de las salidas en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2025-15267", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-07T06:16:03.847", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.5.7/content_elements/bt_bb_accordion_item/bt_bb_accordion_item.php?marks=28#L28"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38a3b3bf-9538-4ae8-9da4-d4b48805763b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T16:04:37.124209+00:00", "value": {"mitigation_remediation": ["Upgrade Bold Page Builder to version 5.5.8 or later", "Remove or disable the bt_bb_accordion_item shortcode from pages or posts", "Restrict contributor\u2011level access to trusted users only"], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "WordPress sites using the Bold Page Builder plugin by boldthemes, versions 5.5.7 and earlier are affected. Any installation of the plugin in that version range, regardless of configuration, is susceptible if the shortcode is used.", "description_and_impact": "The vulnerability arises from insufficient sanitization of user\u2011supplied attributes in the bt_bb_accordion_item shortcode, allowing an attacker with contributor or higher privileges to embed arbitrary scripts into a page. These scripts are stored and executed for any visitor who views the affected page, providing a persistent cross\u2011site scripting vector.", "risk_and_exploitability": "With a CVSS score of 6.4 the risk is moderate, and an EPSS score of less than 1% indicates that exploitation is unlikely under current conditions. The vulnerability is explicitly not listed in the CISA KEV catalog. Attackers must be authenticated with contributor\u2011level access or higher; the exploit requires site login and access to the shortcode insertion interface. Once a script is injected, it executes for all page visitors, potentially compromising session data or enabling defacement, but widespread exploitation is constrained by the authentication requirement."}}}}, "created": "2026-02-09T10:44:52.030415+00:00", "updated": "2026-04-21T16:15:40.496179+00:00", "vendors": ["bold-themes", "bold-themes$PRODUCT$bold_page_builder", "wordpress", "wordpress$PRODUCT$wordpress"]}